Meraki

Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

About Ben83

Re: MS Warm Spare vs Stacking

by in Switching
‎Jan 25 2020 10:09 AM
‎Jan 25 2020 10:09 AM
@PhilipDAththanks! So, in a stacking scenario, I would use an uplink to the MX on each switch in a LAG to ensure redundancy in case one of the switches was to fail? ... View more

MS Warm Spare vs Stacking

by in Switching
‎Jan 24 2020 2:26 PM
‎Jan 24 2020 2:26 PM
Looking at the following diagram as a potential setup for a small office. There are more like 12 AP's. I realize this is not full HA, however, this is the hardware we have to work with, perhaps an additional MX will be added in the future. In this setup, the warm spare will only operate in L2, does this mean that all AP's connected to the spare will have traffic including internet traffic routed through the primary switch?   Can anyone suggest a better solution given the above hardware? Is it possible to stack these two switches and have redundancy in case one of them fails?      ... View more

Re: Constant association & disassociation to APs

by in Wireless
‎Jul 30 2019 7:37 AM
‎Jul 30 2019 7:37 AM
Hi @WD40 , Did you ever resolve this?  I do not have complaints about our wireless dropping, however, I do experience the same log entries & would also like to understand if this is normal.  Our environment is not mixed, so that cannot be the cause. I love how people commonly suggest speaking with your neighbors as if that is a simple solution 🙂 When you are located in a busy corporate highrise, with over 30 SSID's in range, it's not so simple.   ... View more

Re: Clients being blocked from SSID

by in Wireless
‎Apr 22 2019 7:13 AM
‎Apr 22 2019 7:13 AM
This morning,  I had an issue with two MacOS devices, both have been on our Corp wireless for several months.  Today, they received the message "this network's administrator has prevented you from using the network". Both devices had been assigned a custom policy blocking access to the corp Wifi.   I assume it's possible, though unusual that the device has specified a different User-Agent string from all previous authentication requests, or could this be something else?  and is there somewhere I can identify the cause.  The event log's for the affected device are limited.   ... View more

Re: Wireless 802.1x fails after credentials updated

by in Wireless
‎Feb 19 2019 7:27 AM
‎Feb 19 2019 7:27 AM
Thanks for the suggestion @PhilipDAth  I'll look into certificate based radius.  To clarify though, is this a limitation on every radius server with username/password auth? or specifically foxpass?  I seem to recall in a past implementation using MS Radius, that users were prompted for new credentials after a password change?   ... View more

Wireless 802.1x fails after credentials updated

by in Wireless
‎Feb 15 2019 1:03 PM
‎Feb 15 2019 1:03 PM
I realize this is unlikely to be a Meraki specific issue, however, hoping someone in this community may have a recommended solution. We recently implemented 802.1x in our environment and have just noticed an issue. When a user updates their directory password (OKTA), instead of the Mac prompting the user for a new password, authentication fails with an obscure message, see attached. We have Meraki AP's and we are using Foxpass radius server which delegates authentication to OKTA. I'm not sure if this set up is a factor. If I manually delete the Keychain entry, the authentication prompt comes back as expected and I am able to enter my updated password and connect as usual.   ... View more

Clients being blocked from SSID

by in Wireless
‎Jan 16 2019 8:39 AM
‎Jan 16 2019 8:39 AM
Hi, Today I enabled two simple policies on our corporate SSID   Assign group policies by device type Android Blocked iPhone Blocked   After applying the policy, I noticed iPhones and Androids picked up a custom policy and were blocked from the corporate SSID as expected.  However, one of our users Macbook's also picked up the policy, even though when I looked at the device type, it correctly detected OS X.  See attached.     ... View more

Re: ACL for Guest Network

by in Switching
‎Nov 8 2018 8:10 AM
1 Kudo
‎Nov 8 2018 8:10 AM
1 Kudo
@Adam suggestion of supernetting simplifies the rules significantly. For example, you could set up your network something like this.   Name    Supernet Corp 10.50.0.0/23 10.50.0.0/20 Eng 10.50.2.0/23 Voice 10.50.4.0/23 Management 10.50.6.0/24 Spare 10.50.7-15 Guest 10.50.200.0/23 10.50.200.0/23   Then add two rules. Deny Guest to All Company Subnets - Deny source 10.50.200.0/23 destination 10.50.0.0/20 Deny All Company Subnets to Guest - Deny source 10.50.0.0/20 destination 10.50.200.0/23 ... View more

Re: Multicast Basic's

by in Switching
‎Aug 16 2018 2:23 PM
‎Aug 16 2018 2:23 PM
ok, makes sense.  IGMP Snooping is enabled by default on the Meraki Core switch. Multicast Routing and IGMP Querier are optional and required for routing multicast traffic between VLANS.   ... View more

Re: Multicast Basic's

by in Switching
‎Aug 16 2018 2:12 PM
‎Aug 16 2018 2:12 PM
Cool, I guess I'll leave it disabled for now. I do plan to create a VLAN for Airplay devices, printers, Apple TV's etc. Is Multicast routing required to have these accessible in multiple VLAN's?  or does Meraki have a separate solution for this? ... View more

Multicast Basic's

by in Switching
‎Aug 16 2018 10:06 AM
‎Aug 16 2018 10:06 AM
Hi, I have recently installed a new MX Appliance and MS Core switch. The MS switch is handling all L3 Routing between VLAN's and we have 3 existing C2960 access switches. Our previous network consultant enabled IGMP snooping on each VLAN of all of the C2960 switches, however, the switches are not detecting a multicast router on the network. On the new MS core switch, I have not enabled Multicast routing on any of the VLANs.   I don't currently have any complaints from our users and am not seeing any issues, however, I am interested to know what the default recommended setup would be. 1. What happens to multicast traffic in this scenario where there is no multicast router? 2. Should I enable multicast routing on each of the VLAN interfaces on the MS Core switch? 3. or simply enable IGMP snooping querier or leave it disabled if there are no issues.   Thanks for any advice   ... View more

Re: ACL for Guest Network

by in Switching
‎Aug 14 2018 7:09 AM
‎Aug 14 2018 7:09 AM
Hey @Adam, I had considered this as well, it would certainly simplify the rules. Unfortunately, I inherited this network and the subnets are not set up to allow this, however, I may modify to allow for this. Thanks ... View more

Re: ACL for Guest Network

by in Switching
‎Aug 14 2018 7:06 AM
‎Aug 14 2018 7:06 AM
Hey @MerakiDave, thanks for the info. The ACL's are being applied on the L3 Switch.  It's simple enough to call-out each network in a separate ACL and I guess it also gives more granular control over additional VLANs to locate share resources like Printers etc. So far, I have been setting these up via source/destination subnet, as you mentioned.   ... View more

ACL for Guest Network

by in Switching
‎Aug 13 2018 3:33 PM
‎Aug 13 2018 3:33 PM
Hi, I am setting up a new network for our company and am working on ACL's to control access to various network segments. All routing is performed on a layer 3 core switch.  In this example, let's say we have the following 4 VLANS. Engineering, Sales, Finance, and Uplink (for internet). Currently, the default ACL allows access to ALL other VLANs.  If I want to block access to all VLANs other than the internet, I need to set up an individual deny ACL for each of the VLAN's, Engineering and Finance.  Are there other solutions that don't require creating individual ACL to block access each time a new VLAN is added? Example 2 of this support article mentions using the source VLAN rather then the subnet, however, this would also block internet traffic. What is the recommended solution Thanks   ... View more
My Top Kudoed Posts
© 2024 Cisco Systems, Inc.